query_first(" SELECT comment.*, user.email, user.showemail, user.displayname FROM " . TABLE_PREFIX . "comment AS comment LEFT JOIN " . TABLE_PREFIX . "user AS user ON (comment.userid = user.userid) WHERE comment.commentid = " . intval($bugsys->in['commentid']) ); if (!$comment) { echo 'alert: bad comment'; exit; } $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers'))) { echo 'no permission'; exit; } // ################################################################### if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'edit'; } /* #*# do these later after we work out some kind of permission system // ################################################################### if ($_REQUEST['do'] == 'kill') { // run code to remove item in database } // ################################################################### if ($_REQUEST['do'] == 'delete') { // display delete confirmation message }*/ // ################################################################### if ($_POST['do'] == 'update') { if (!$bugsys->in['comment']) { echo 'you need to enter some text'; exit; } $bugsys->in['comment_parsed'] = $bugsys->in['comment']; if (!$bugsys->options['allowhtml']) { $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); } $db->query(" UPDATE " . TABLE_PREFIX . "comment SET comment = '" . $bugsys->in['comment'] . "', comment_parsed = '" . nl2br($bugsys->in['comment_parsed']) . "' WHERE commentid = $comment[commentid]" ); echo "comment saved"; } // ################################################################### if ($_REQUEST['do'] == 'edit') { $comment['posttime'] = datelike('standard', $comment['dateline']); $comment['postby'] = construct_user_display($comment); $comment['comment'] = $bugsys->sanitize($comment['comment']); eval('$template->flush("' . $template->fetch('editcomment') . '");'); } /*=====================================================================*\ || ################################################################### || # $HeadURL$ || # $Id$ || ################################################################### \*=====================================================================*/ ?>